On Fri, Mar 13, 2015 at 11:33:43AM -0700, Richard Sharpe wrote:
> Hi folks,
>
> Lots of people use Wireshark to help with problems around the world.
> Sometimes they have a capture from another timezone and a log file
> from that same timezone.
>
> The capture has time in UTC while the logs are most likely in local
> time and it can be hard to reconcile the two.
>
> Can we have something added to the View->Time Display Formt menu that
> allows us to specify the actual offset from UTC that the capture was
> made in so that time can be displayed in local time for that Time
> Zone.
>
> That way it will be easier to work with a capture and a log file.
When I have captures and logs that do not match the timezone, I use the
TZ environment variable to read the captures in the timezone of the
logs, like:
$ TZ=America/New_York tshark -r /path/to/capture.pcap.gz ....
or
$ TZ=America/New_York wireshark /path/to/capture.pcap.gz
HTH,
Niels
